Skip to content

Commit

Permalink
Allow premium users to upload themes using a deck token
Browse files Browse the repository at this point in the history
  • Loading branch information
@suchmememanyskill
suchmememanyskill committed Mar 2, 2024
1 parent a4c4d2a commit d2c723f
Show file tree
Hide file tree
Showing 6 changed files with 17 additions and 3 deletions.
2 changes: 1 addition & 1 deletion DeckPersonalisationApi/Controllers/BlobController.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ public IActionResult GetBlobsFromUser()

[HttpPost]
[Authorize]
[JwtRoleReject(Permissions.FromApiToken)]
[JwtRoleReject(Permissions.FromApiToken, true)]
public IActionResult PostBlob(IFormFile file)
{
UserJwtDto dto = _jwt.DecodeToken(Request).Require();
Expand Down
2 changes: 1 addition & 1 deletion DeckPersonalisationApi/Controllers/SubmissionController.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ public IActionResult SubmitAudioPackViaGit(GitSubmitPostDto post)

[HttpPost("css_zip")]
[Authorize]
[JwtRoleReject(Permissions.FromApiToken)]
[JwtRoleReject(Permissions.FromApiToken, true)]
public IActionResult SubmitCssThemeViaZip(ZipSubmissionPostDto post)
{
UserJwtDto dto = _jwt.DecodeToken(Request).Require("Could not find user");
Expand Down
3 changes: 2 additions & 1 deletion DeckPersonalisationApi/Middleware/JwtRole/JwtRoleAttributeMiddleware.cs
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
using DeckPersonalisationApi.Exceptions;
using DeckPersonalisationApi.Model;
using DeckPersonalisationApi.Model.Dto.External.GET;
using DeckPersonalisationApi.Services;
using Microsoft.AspNetCore.Http.Features;
Expand Down Expand Up @@ -30,7 +31,7 @@ public async Task InvokeAsync(HttpContext context, JwtService jwt)
if (user == null)
throw new UnauthorisedException("Failed to decode JWT");

if (reject != null)
if (reject != null && !(reject.OnlyIfNotPremium && user.HasPermission(Permissions.IsPremium)))
user.RejectPermission(reject.Reject);

if (require != null)
Expand Down
8 changes: 8 additions & 0 deletions DeckPersonalisationApi/Middleware/JwtRole/JwtRoleReject.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,16 @@ public class JwtRoleReject : Attribute
{
public Permissions Reject { get; set; }

public bool OnlyIfNotPremium { get; set; }

public JwtRoleReject(Permissions reject)
{
Reject = reject;
}

public JwtRoleReject(Permissions reject, bool onlyIfNotPremium)
{
Reject = reject;
OnlyIfNotPremium = onlyIfNotPremium;
}
}
4 changes: 4 additions & 0 deletions DeckPersonalisationApi/Model/Dto/External/GET/UserJwtDto.cs
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
using DeckPersonalisationApi.Exceptions;
using DeckPersonalisationApi.Services;

namespace DeckPersonalisationApi.Model.Dto.External.GET;

Expand Down Expand Up @@ -31,6 +32,9 @@ public UserJwtDto(User user)
Permissions = user.Permissions;
Avatar = user.GetAvatarUri()?.AbsoluteUri ?? "";
ValidationToken = user.ValidationToken;

if (DiscordBot.Instance.PermissionStateOfUser(Id) != "None")
Permissions |= Permissions.IsPremium;
}

public bool HasPermission(Permissions permission)
Expand Down
1 change: 1 addition & 0 deletions DeckPersonalisationApi/Model/Permissions.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ public enum Permissions
ManageApi = 0x4,
FromApiToken = 0x8,
ViewThemeSubmissions = 0x10,
IsPremium = 0x20,
}

public static class PermissionExt
Expand Down

0 comments on commit d2c723f

Please sign in to comment.